Published 2021.Dec.22:
Log4j is neither embedded in nor a dependency of any Gurobi product, past or present. Log4j is a software library for Java, and most of Gurobi's components are not written in Java. Additionally, the few components that are written in Java do not have Log4j as a dependency, and are therefore not affected by the recently identified security vulnerability.